WordPress Custom Popup Builder plugin <= 1.3.1 - Improper Access Control vulnerability leading to multiple Authenticated Stored XSS
Popup | Custom Popup Builder
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Requires contributor or higher role user authentication.
Patchstack vPatch available since
Improper Access Control vulnerability leading to multiple Authenticated Stored XSS discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Custom Popup Builder plugin (versions <= 1.3.1).
Deactivate and delete. This plugin has been closed as of May 26, 2022 and is not available for download. This closure is temporary, pending a full review.